Data

Data

The UK left the EU on 31 January 2020. A transition period, during which EU laws continue to apply in the UK, is due to end on 31 December 2020. The UK/EU Withdrawal Agreement sets out transitional arrangements and negotiations for the future UK/EU relationship are ongoing.

GDPR and Data Protection

Businesses must be aware that GDPR will continue to apply during the post-Brexit transition period, with the UK planning to implement its own version ('UK GDPR') when the period ends. 

GDPR reaffirms and enhances, sometimes significantly, the rights of citizens and consumers to access their data electronically, to have it corrected or deleted, and to scrutinise data processing. The penalties for non-compliance have also risen sharply. Proper judgement and systems need to be applied to data collection, and if data is lost, rapid notification is critical. However, data is also a strategic issue. Choosing what data to collect, how to use it, and how to protect it can bring great benefits. The value of a business can be greatly increased by good data practice.

We advise our clients on how best to achieve their strategic objectives while complying with an evolving regulatory regime. For corporate clients we highlight gaps in compliance, explain how to implement the requisite policies and procedures, resolve incidents and repair reputations. For private clients we identify the most effective ways to exercise and enforce their rights.

Our group comprises experts in data protection, privacy and reputation management, as well as non-lawyer cyber security specialists. It allows us to cover the full spectrum of support and advice, and to do so from the forefront, advising clients on issues such as AdTech, enforcement of data subject rights and cyber security. 

  • Advising on GDPR compliance, including:
    • Policy review, gap analysis and data protection strategy
    • Preparing Data Protection Impact Assessments (DPIAs) Privacy Impact Assessments (PIAs), data protection policies and data processing agreements
    • Preparing Privacy Impact Assessments, data protection policies and data processing agreements
    • Review of cyber security processes and controls to protect data
    • Data breach procedures
    • Subject access request procedures and handling requests, responses, complaints and enforcement
    • Data portability procedures
    • Advising on direct marketing and compliance with privacy regulation
  • Multi-disciplinary approach to cyber security and data breaches
  • Managing claims before the Courts in relation to data protection, data theft and privacy issues, and investigations by the Information Commissioner's Office
  • Advising on issues of data protection and privacy in relation to reputation management

Mishcon de Reya is acting for a client, Jenny, seeking to challenge the legislation relating to the Foreign Account Tax Compliance Act ("FATCA") which she believes breaches her fundamental rights to data protection and privacy.

Under FATCA, banks are required to send all personal and financial information of any US citizens to US authorities on an annual basis independent of any actual US tax liability. All it takes is for an American citizen to have a bank account outside of America.

Our approach in summary.

Work highlights

Latest

How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

COVID-19 Enquiry

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select a contact method

I'm a client

Please enter your first name
Please enter your last name
Please enter your enquiry
Please enter a value

I'm looking for advice

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select a department
Please select a contact method

Something else

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select your contact method of choice